playbooks

home / skills / autumnsgrove / groveengine / git-hooks

git-hooks skill

/.claude/skills/git-hooks

This skill helps you set up and enforce Git pre-commit hooks for code quality, secrets scanning, and commit message validation.

npx playbooks add skill autumnsgrove/groveengine --skill git-hooks

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
4.8 KB
---
name: git-hooks
description: Set up and configure Git pre-commit hooks for code quality, secrets scanning, and commit message validation. Use when installing git hooks, configuring pre-commit checks, or enforcing code standards.
---

# Git Hooks Skill

## When to Activate

Activate this skill when:
- Setting up pre-commit hooks
- Configuring commit message validation
- Installing secrets scanners
- Enforcing code quality standards
- Automating pre-push tests

## Quick Installation

```bash
# Use interactive installer (recommended)
./AgentUsage/pre_commit_hooks/install_hooks.sh

# Or manual installation for Python project
cp AgentUsage/pre_commit_hooks/commit-msg .git/hooks/
cp AgentUsage/pre_commit_hooks/pre-commit-python .git/hooks/pre-commit
cp AgentUsage/pre_commit_hooks/pre-commit-secrets-scanner .git/hooks/pre-commit-secrets
cp AgentUsage/pre_commit_hooks/pre-push .git/hooks/
chmod +x .git/hooks/*
```

## Available Hooks

### Core Hooks (All Projects)

| Hook | Purpose |
|------|---------|
| `commit-msg` | Validates conventional commit format |
| `pre-commit-secrets-scanner` | Prevents leaked API keys/secrets |

### Language-Specific

| Hook | Language | Checks |
|------|----------|--------|
| `pre-commit-python` | Python | Black, Ruff |
| `pre-commit-javascript` | JS/TS | Prettier, ESLint, TypeScript |
| `pre-commit-go` | Go | gofmt, go vet |
| `pre-commit-multi-language` | Mixed | Auto-detects and runs appropriate tools |

### Automation Hooks

| Hook | Purpose |
|------|---------|
| `pre-push` | Runs tests before push |
| `post-checkout` | Auto-updates dependencies on branch switch |
| `post-commit` | Shows commit summary and TODOs |

## Hook Selection by Project

```bash
# Python Project
commit-msg + pre-commit-python + pre-commit-secrets-scanner + pre-push

# JavaScript Project
commit-msg + pre-commit-javascript + pre-commit-secrets-scanner + pre-push

# Go Project
commit-msg + pre-commit-go + pre-commit-secrets-scanner + pre-push

# Multi-language
commit-msg + pre-commit-multi-language + pre-commit-secrets-scanner + pre-push
```

## What Each Hook Does

### commit-msg
Validates commit message format:
```bash
# Accepted formats
feat: Add user authentication
fix: Correct validation error
docs(readme): Update installation

# Rejected
Update files  # No type
feat add feature  # Missing colon
```

### pre-commit-secrets-scanner
Scans for exposed secrets:
- Anthropic API keys (`sk-ant-...`)
- OpenAI API keys (`sk-...`)
- AWS credentials (`AKIA...`)
- GitHub tokens (`ghp_...`)
- Hardcoded passwords

### pre-commit-python
```bash
# Runs automatically on staged .py files
uv run black --check $file
uv run ruff check $file
```

### pre-push
```bash
# Runs before push
uv run pytest tests/  # or pnpm test, go test, cargo test
```

## Testing Hooks

```bash
# Test pre-commit directly
.git/hooks/pre-commit

# Test with sample commit
git add .
git commit -m "test: verify hooks"

# Run with debug output
bash -x .git/hooks/pre-commit
```

## Bypassing Hooks (Emergency Only)

```bash
# Skip all hooks
git commit --no-verify -m "Emergency fix"

# Only use when:
# - Emergency production fixes
# - Hook malfunction
# - Intentional override
```

## Troubleshooting

### Hook Not Running

```bash
# Check existence
ls -l .git/hooks/

# Fix permissions
chmod +x .git/hooks/*

# Check syntax
bash -n .git/hooks/pre-commit
```

### Permission Denied

```bash
chmod +x .git/hooks/*
```

### Failed Quality Checks

```bash
# Run tools manually
uv run black --check .
uv run ruff check .

# Fix issues
uv run black .
uv run ruff check --fix .

# Retry commit
git commit -m "Your message"
```

### Missing Tools

```bash
# Install code quality tools
uv add --dev black ruff

# Verify installation
which black
uv run black --version
```

## Custom Hook Configuration

### Modify pre-commit for Your Project

```bash
#!/bin/bash
# .git/hooks/pre-commit

# Get staged Python files
FILES=$(git diff --cached --name-only --diff-filter=ACM | grep '\.py$')

if [ -n "$FILES" ]; then
    # Run your tools
    uv run black --check $FILES || exit 1
    uv run ruff check $FILES || exit 1
fi

exit 0
```

## Hook Execution Order

1. **pre-commit** - Before commit (code quality)
2. **commit-msg** - Validates message format
3. **post-commit** - After commit (notifications)
4. **pre-push** - Before push (tests)

## Best Practices

### DO ✅
- Install secrets scanner on ALL projects
- Use commit-msg for consistent history
- Run tests in pre-push
- Test hooks after installation

### DON'T ❌
- Skip hooks regularly
- Disable secrets scanning
- Ignore hook failures
- Commit without testing hooks first

## Related Resources

See `AgentUsage/pre_commit_hooks/` for:
- `setup_guide.md` - Complete installation guide
- `examples.md` - Custom hook examples
- `TROUBLESHOOTING.md` - Common issues
- Individual hook scripts for reference

Overview

This skill sets up and configures Git pre-commit and related hooks to enforce code quality, scan for secrets, and validate commit messages. It provides reusable hooks for TypeScript, Python, Go, multi-language projects, and automation hooks like pre-push and post-commit. Use it to standardize commit practices and prevent accidental secrets or style regressions across a multi-tenant blog platform.

How this skill works

The skill installs hook scripts into .git/hooks and wires them to run linters, formatters, secret scanners, and test suites on staged files or before push. Core hooks validate conventional commit messages and scan for API keys or tokens. Language-specific hooks run tools like Prettier, ESLint, Black, Ruff, and gofmt; automation hooks run tests and update dependencies on branch switch.

When to use it

  • Initial repository setup or onboarding new developers
  • Enforcing conventional commit messages and changelog accuracy
  • Preventing accidental commit of secrets and API keys
  • Running linters/formatters on staged TypeScript and Python files
  • Running tests before pushing to remote to avoid broken builds

Best practices

  • Install a secrets scanner on every repository and fail the commit if secrets are detected
  • Use commit-msg hook to enforce conventional commit format for consistent history
  • Run tests in pre-push to catch regressions before CI
  • Make hooks executable and test them locally (bash -x .git/hooks/pre-commit)
  • Avoid --no-verify except for true emergencies and document exceptions

Example use cases

  • TypeScript service: commit-msg + pre-commit-javascript + pre-commit-secrets-scanner + pre-push
  • Mixed repo: pre-commit-multi-language to auto-detect modified files and run appropriate tools
  • CI safety: pre-push runs the full test suite to reduce flaky CI failures
  • Secrets protection: pre-commit-secrets-scanner rejects commits containing OpenAI, AWS, or GitHub tokens
  • Developer onboarding: provide an installer script to copy and enable hooks automatically

FAQ

How do I install hooks quickly?

Run the provided interactive installer script or copy the relevant scripts into .git/hooks and chmod +x them.

What if a required tool is missing on a developer machine?

Document required dev dependencies and add checks in hooks or the installer; provide commands to install tools (for example uv add --dev black ruff or npm/pnpm install).